Initial commit

6 files changed, 129 insertions, 0 deletions

diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 000000000000..2fd55c4820ad
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,30 @@
+pkgbase = hellpot
+	pkgdesc = An endless honeypot that sends bots to hell.
+	pkgver = 0.3
+	pkgrel = 1
+	url = https://github.com/yunginnanet/HellPot
+	arch = i686
+	arch = pentium4
+	arch = x86_64
+	arch = arm
+	arch = armv7h
+	arch = armv6h
+	arch = aarch64
+	license = MIT
+	makedepends = go
+	makedepends = git
+	provides = hellpot
+	conflicts = hellpot
+	backup = etc/hellpot/config.toml
+	source = HellPot-0.3.tar.gz::https://codeload.github.com/yunginnanet/HellPot/tar.gz/refs/tags/v0.3
+	source = service
+	source = tmpfiles
+	source = sysusers
+	source = config.toml
+	sha256sums = b674f47d63d0bff68dc2f427970134f813789a9768c605368fe9bb8380fd76c4
+	sha256sums = 0136fd65b73e678d12ddff09cd5f71bfea360787cf7955770fe95b64dabe8274
+	sha256sums = a370bd1f4f1caa1aa4777e3a6cb6c752f711721c9913e09c78a11d304bc53b37
+	sha256sums = d462d4a84021cb2ce0052ba6c46ad0ea6e7aab7a9459d048de892d8503a99aee
+	sha256sums = 8da2c84ec00ff3fc09a468c5389bf9388d3ca59184acfe65f1976e17840371bf
+
+pkgname = hellpot
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 000000000000..32c8a7ef4fa3
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,43 @@
+# Maintainer: Jeremy Kescher <jeremy@kescher.at>
+pkgname=hellpot
+_targetname=hellpot
+pkgver=0.3
+pkgrel=1
+_srcname=HellPot-$pkgver
+pkgdesc="An endless honeypot that sends bots to hell."
+arch=('i686' 'pentium4' 'x86_64' 'arm' 'armv7h' 'armv6h' 'aarch64')
+url="https://github.com/yunginnanet/HellPot"
+license=('MIT')
+makedepends=(
+  'go'
+  'git'
+)
+provides=('hellpot')
+conflicts=('hellpot')
+source=(
+    "$_srcname.tar.gz::https://codeload.github.com/yunginnanet/HellPot/tar.gz/refs/tags/v$pkgver"
+    "service"
+    "tmpfiles"
+    "sysusers"
+    "config.toml"
+)
+backup=('etc/hellpot/config.toml')
+sha256sums=('b674f47d63d0bff68dc2f427970134f813789a9768c605368fe9bb8380fd76c4'
+            '0136fd65b73e678d12ddff09cd5f71bfea360787cf7955770fe95b64dabe8274'
+            'a370bd1f4f1caa1aa4777e3a6cb6c752f711721c9913e09c78a11d304bc53b37'
+            'd462d4a84021cb2ce0052ba6c46ad0ea6e7aab7a9459d048de892d8503a99aee'
+            '8da2c84ec00ff3fc09a468c5389bf9388d3ca59184acfe65f1976e17840371bf')
+
+build() {
+  cd "$srcdir/$_srcname"
+  go build -trimpath -buildmode=pie -mod=readonly -modcacherw -ldflags "-linkmode external -extldflags \"${LDFLAGS}\"" -o $_targetname ./cmd/HellPot
+}
+
+package() {
+  cd "$srcdir"
+  install -Dm755 $_srcname/$_targetname "${pkgdir}"/usr/bin/$_targetname
+  install -Dm644 config.toml "${pkgdir}"/etc/$_targetname/config.toml
+  install -Dm644 service "${pkgdir}"/usr/lib/systemd/system/$_targetname.service
+  install -Dm644 tmpfiles "${pkgdir}"/usr/lib/tmpfiles.d/$_targetname.conf
+  install -Dm644 sysusers "${pkgdir}"/usr/lib/sysusers.d/$_targetname.conf
+}
diff --git a/config.toml b/config.toml
new file mode 100644
index 000000000000..643f818b9a97
--- /dev/null
+++ b/config.toml
@@ -0,0 +1,21 @@
+
+[deception]
+  server_name = "nginx"
+
+[http]
+  bind_addr = "127.0.0.1"
+  bind_port = "8080"
+  paths = ["wp-login.php","wp-login"]
+  unix_socket_path = "/run/hellpot/socket"
+  unix_socket_permissions = "0666"
+  use_unix_socket = true
+
+[logger]
+  debug = false
+  directory = "/var/log/hellpot/"
+  nocolor = true
+  use_date_filename = true
+
+[performance]
+  max_workers = 256
+  restrict_concurrency = false
diff --git a/service b/service
new file mode 100644
index 000000000000..c673dff62835
--- /dev/null
+++ b/service
@@ -0,0 +1,29 @@
+[Unit]
+Description=Hellpot
+
+[Service]
+Type=simple
+User=hellpot
+Group=hellpot
+WorkingDirectory=/etc/hellpot
+ExecStart=/usr/bin/hellpot
+ProtectSystem=strict
+ProtectHome=on
+ReadWritePaths=/run/hellpot/ /var/log/hellpot/
+CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_SYS_PTRACE CAP_SYS_TIME CAP_NET_ADMIN CLONE_NEWUSER CAP_SYS_NICE CAP_SYS_RESOURCE CAP_KILL 
+PrivateUsers=on
+PrivateDevices=on
+DeviceAllow=
+ProtectClock=on
+ProtectKernelTunables=on
+ProtectKernelModules=on
+ProtectKernelLogs=on
+ProtectControlGroups=on
+PrivateTmp=on
+NoNewPrivileges=on
+RestrictSUIDSGID=on
+RestrictNamespaces=uts ipc pid user cgroup
+PrivateNetwork=off
+
+[Install]
+WantedBy=multi-user.target
diff --git a/sysusers b/sysusers
new file mode 100644
index 000000000000..8c94e04ef0fb
--- /dev/null
+++ b/sysusers
@@ -0,0 +1,2 @@
+u hellpot - - /etc/hellpot
+g hellpot - -
\ No newline at end of file
diff --git a/tmpfiles b/tmpfiles
new file mode 100644
index 000000000000..dbb1eb256222
--- /dev/null
+++ b/tmpfiles
@@ -0,0 +1,4 @@
+d /run/hellpot 0775 hellpot hellpot - -
+Z /run/hellpot - hellpot hellpot - -
+d /var/log/hellpot 0775 hellpot hellpot - -
+Z /var/log/hellpot - hellpot hellpot - -